gcleaner | d60d04f849927888e4b416e3f5064f518d0cbef7e91cc67d3d9e8824bfaad641 | Triage

Sharing

General

Target

d60d04f849927888e4b416e3f5064f518d0cbef7e91cc67d3d9e8824bfaad641.exe
Size

2.5MB
Sample

230405-m7acrsgb8s
MD5

6206dea2bf6196957d704e499e2f4218
SHA1

388dbc7a4b26f64ee1ede8c37bf969e1bcef7ed2
SHA256

d60d04f849927888e4b416e3f5064f518d0cbef7e91cc67d3d9e8824bfaad641
SHA512

e3d1ce8f7130756f81c8b579c4eb7ad0187e7c33768e0c5250c339dce0342ebf0a274e696c1af97970c87eee43d65ee74683a06418abdc808b913aedfb51ba75
SSDEEP

49152:JI2fq0JHJerQ0ERLbhTcDiJL8Psy2ZSL5W/KwX5:JIx0JHJerQ0ERBTcDiJQPsy2ZSL5W/Ke

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  d60d04f849927888e4b416e3f5064f518d0cbef7e91cc67d3d9e8824bfaad641.exe
- Size
  
  2.5MB
- MD5
  
  6206dea2bf6196957d704e499e2f4218
- SHA1
  
  388dbc7a4b26f64ee1ede8c37bf969e1bcef7ed2
- SHA256
  
  d60d04f849927888e4b416e3f5064f518d0cbef7e91cc67d3d9e8824bfaad641
- SHA512
  
  e3d1ce8f7130756f81c8b579c4eb7ad0187e7c33768e0c5250c339dce0342ebf0a274e696c1af97970c87eee43d65ee74683a06418abdc808b913aedfb51ba75
- SSDEEP
  
  49152:JI2fq0JHJerQ0ERLbhTcDiJL8Psy2ZSL5W/KwX5:JIx0JHJerQ0ERBTcDiJQPsy2ZSL5W/Ke
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2